BD AntiSpam now works correctly under page caching, holds suspect submissions in a review queue instead of dropping them, and lets you write your own allow and block rules. This guide covers each feature and where to find it.
Cache-safe protection
Page caching used to break time-based spam checks because the token was baked into the cached HTML and served stale to every visitor. The token is now issued through a REST request when the form loads, so it stays fresh even when the page is cached by LiteSpeed or any other layer.
The token is a soft signal. A missing token never blocks a real visitor on its own — a submission is only flagged when at least one hard signal also fires. This keeps legitimate users from being caught by caching quirks.
Review and release from the queue
Suspect submissions are held in a quarantine queue instead of being silently discarded, so you can recover a real message that was caught by mistake. Open BD AntiSpam → Quarantine to review them.
- Release — accept a submission that was flagged in error.
- Whitelist — release and trust the sender so future submissions pass.
- Delete entries you confirm are spam.
Write custom rules
Under Settings → Rules, add your own keyword rules:
- Block keywords flag any submission that contains them.
- Allow keywords let trusted phrases through, useful when a legitimate message keeps tripping the general checks.
Rules are matched against submission content, so you can target the exact spam patterns your site sees.
Block by country and IP
Add IP and CIDR ranges to block known bad sources. You can also block by country where the geo header is available from your CDN.
Country blocking relies on a Cloudflare country header. If your site sits behind a different proxy that does not pass that header, country rules will not have data to act on — use IP and CIDR rules instead.
Weekly digest and webhook
Stay informed without checking the dashboard daily:
- Weekly digest — an email summary of what was blocked and what is waiting in the queue.
- Webhook — send spam events as JSON to an endpoint you control for logging or custom workflows.
Turn both on under Settings → Notifications.
Quick start
- Confirm protection is active on your forms — no setup is needed for the cache-safe token.
- Check the Quarantine tab to review held submissions and whitelist trusted senders.
- Add block keywords or IP ranges for any spam patterns specific to your site.
- Turn on the weekly digest so you see what is being stopped.